ISC Offers Response Policy Zones For DNS
Posted by Soulskill
from the cleaning-up-the-e-streets dept.
penciling_in writes "ISC has made the announcement that they have developed a technology that will allow 'cooperating good guys' to provide and consume reputation information about domain names. The release of the technology, called Response Policy Zones (DNS RPZ), was announced at DEFCON. Paul Vixie explains: 'Every day lots of new names are added to the global DNS, and most of them belong to scammers, spammers, e-criminals, and speculators. The DNS industry has a lot of highly capable and competitive registrars and registries who have made it possible to reserve or create a new name in just seconds, and to create millions of them per day. ... If your recursive DNS server has a policy rule which forbids certain domain names from being resolvable, then they will not resolve. And, it's possible to either create and maintain these rules locally, or, import them from a reputation provider. ISC is not in the business of identifying good domains or bad domains. We will not be publishing any reputation data. But, we do publish technical information about protocols and formats, and we do publish source code. So our role in DNS RPZ will be to define 'the spec' whereby cooperating producers and consumers can exchange reputation data, and to publish a version of BIND that can subscribe to such reputation data feeds. This means we will create a market for DNS reputation but we will not participate directly in that market.'"
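To make the "policy rule which forbids certain domain names from being resolvable" concrete, here is an added Python simulation (not ISC or BIND code) of the QNAME lookup a recursive resolver performs against an RPZ-style zone. The feed contents, the zone origin and the sinkhole address are constructed; the encoding assumed is the RPZ zone convention where `CNAME .` means answer NXDOMAIN, `CNAME *.` means answer NODATA, and ordinary records replace the real answer.

```python
"""Added example (not ISC/BIND code): simulate the QNAME policy lookup
a recursive resolver performs against an RPZ-style zone."""

RPZ_ORIGIN = "rpz.example"   # assumed origin of the policy zone

# Constructed sample feed. Owner names are relative to RPZ_ORIGIN, as in a
# BIND zone file. Encoding follows the RPZ convention: "CNAME ." rewrites
# the answer to NXDOMAIN, "CNAME *." to NODATA, and ordinary records (here
# an A record) replace the real answer with local data.
SAMPLE_FEED = """\
; constructed reputation feed, not a real blocklist
phish.example        CNAME .          ; the name itself: NXDOMAIN
*.phish.example      CNAME .          ; every subdomain: NXDOMAIN
tracker.example      CNAME *.         ; exists, but answers nothing (NODATA)
*.malware.example    A     192.0.2.1  ; walled garden / sinkhole (TEST-NET-1)
"""


def parse_rpz(text):
    """Return {owner: (rrtype, rdata)} from a minimal RPZ zone file."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        owner, rrtype, rdata = line.split(None, 2)
        rules[owner.lower().rstrip(".")] = (rrtype.upper(), rdata.strip())
    return rules


def policy_for(rules, qname):
    """Find the most specific rule for qname: exact owner first, then
    wildcards from the closest enclosing name outward (DNS wildcard rules:
    "*.phish.example" matches "www.phish.example", not "phish.example")."""
    name = qname.lower().rstrip(".")
    labels = name.split(".")
    candidates = [name] + ["*." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for candidate in candidates:
        if candidate in rules:
            rrtype, rdata = rules[candidate]
            if rrtype == "CNAME" and rdata == ".":
                return "NXDOMAIN", None
            if rrtype == "CNAME" and rdata == "*.":
                return "NODATA", None
            return "LOCAL-DATA", rdata      # e.g. an A record pointing at a sinkhole
    return "PASSTHRU", None                 # no rule: resolve normally


if __name__ == "__main__":
    rules = parse_rpz(SAMPLE_FEED)
    for q in ["www.phish.example", "phish.example", "tracker.example",
              "cdn.malware.example", "isc.org"]:
        print(q, "->", policy_for(rules, q))
```

A real resolver also applies policy to response data (IP addresses, name servers), not only to the query name; this example covers the QNAME trigger the story describes.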
A question that comes to mind... (Score:4, Interesting)
Are we satisfied with that other reputation system called SSL certificates?
Re:A question that comes to mind... (Score:3, Interesting)
The main reason I'm not using them and I'm sure most others aren't is because SSL sucks for virtual hosts. Else, I'd have a self-signed or cacert cert on all my domains.
Re:Could this be used for political purposes? (Score:4, Interesting)
First of all, didn't they say that the reputation would be determined by "cooperating good guys"? Since when has Comcast ever been described as "cooperative", or "good"? ;-)
But seriously, reputations aren't usually vetoes where one person can blackball a server, are they? I would imagine that they would realize that it would be a waste of time, given that all of the other "good guys" would collectively carry too much weight for one entity to effectively sabotage.
I also imagine that they'd realize that this would be a good way to lose credibility as a "good guy", and maybe have it revoked.
Hopefully the same principle would apply on the other end if a "non-good guy" gets in the system in order to push bad sites.
I seriously doubt it will be a magic bullet, but it might help.